- Added webmin authentication filter. Thanks to Guillaume Delvit

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@601 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago · 9ac663a121
3 changed files with 31 additions and 0 deletions
--- a/2
+++ b/2
@ -20,6 +20,8 @@ ver. 0.8.1 (2007/??/??) - stable
  Christian Rauch
 - Tightening up the pid check in redhat-initd. Thanks to
  David Nutter
+- Added webmin authentication filter. Thanks to Guillaume
+  Delvit

 ver. 0.8.0 (2007/05/03) - stable
 ----------
--- a/1
+++ b/1
@ -74,6 +74,7 @@ config/filter.d/sasl.conf
 config/filter.d/sshd.conf
 config/filter.d/sshd-ddos.conf
 config/filter.d/vsftpd.conf
+config/filter.d/webmin-auth.conf
 config/filter.d/wuftpd.conf
 config/action.d/hostsdeny.conf
 config/action.d/ipfw.conf
--- a/config/filter.d/webmin-auth.conf
+++ b/config/filter.d/webmin-auth.conf
@ -0,0 +1,28 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Rule by : Delvit Guillaume
+#
+# $Revision$
+#
+
+[Definition]
+
+# patern :      webmin[15673]: Non-existent login as toto from 86.0.6.217
+#               webmin[29544]: Invalid login as root from 86.0.6.217
+#
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = webmin.* Non-existent login as .+ from <HOST>$
+            webmin.* Invalid login as .+ from <HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =